Apple FairPlay

The Ooyala Player API for Apple FairPlay provides server-side support for Apple's
FairPlay Streaming (FPS) by processing an FPS key request and returning a key response
(CKC). Once you send your FPS credentials to Ooyala, at runtime your asset gets its CKC
using Player API routes.

Information Required for Key Retrieval During Playback

You must request a deployment package from Apple to use Fairplay Streaming (FPS).
This requires you to have an Apple developer account belonging to your organization.
See https://developer.apple.com/support/enrollment on how to get an Apple developer
account. After you establish an Apple developer account, you can request an FPS
deployment package from this page https://developer.apple.com/streaming/fps.

After you obtain a deployment package from Apple, send these items to Ooyala to use Ooyala's
server for FPS key retrieval during playback.

Items 1 and 2 are confidential and must not be sent unencrypted via email or text. You
must use PGP encryption to send the FPS application secret and FPS RSA private key
to Ooyala. See https://ssd.eff.org/en/module/how-use-pgp-mac-os-x.

Player API

The https://player.ooyala.com route is used for FPS support during playback.

To get your public certificate use the following route using your provider code as pcode:

The asset_id is the portion after skd:// in the URI tag. In this case it is key65.

The response is JSON with the following structure:

{ "ckc" : "url safe base64 encoded ckc" }

If the request is successful, the status code 200 is returned.

If the request fails, a non-200 status code is returned.

{ "error": "error message" }

The error message will be a specific reason why the request failed.

Packaging

If you are also doing your own Fairplay video packaging, please see the following page for the setup you will need DRM Attributes for Remote Assets (Including Live Streams). You also need to make sure that the value of the asset_id field in the m3u8 manifest files is set to the embed code for that asset.

Fields

The following table describes the parameters of the routes.

Parameter

Description

Required?

pcode

The provider code for your account.

Yes

asset_id

The asset_id obtained from the m3u8 manifest file for the asset. In the m3u8 manifest
file the asset_id is the portion after skd:// in the URI
tag.

Yes

spc

The SPC (Server Playback Context) generated by your app. The SPC must be generated
according to the specification published by Apple. The SPC must
be URL-safe base64 encoded. Making a base64 encoded value URL
safe involves substituting + with
- and / with
_. See more about this here
https://en.wikipedia.org/wiki/Base64#URL_applications.

Yes

auth_token

This is the token returned by Ooyala’s playback Authorization API. The Authorization
API is used by Ooyala's players to get the URL pointing to the
content. The Authorization API is described in Player Authorization API for Player V3 (Deprecated). This
parameter is required only if the asset being played requires
the Ooyala Player Token (OPT) restriction. Because FPS is used
for premium content, you should use OPT for those
assets. (Available only if your Ooyala account includes this functionality.
To enable Ooyala Player Token, contact your account manager.)

No

Configuring an iOS Client to Play FairPlay Content

To decrypt and play FairPlay content, your code must assign an
OOEmbeddedSecureURLGenerator object to the
OOOptions object used by the OOOoyalaPlayer.

Create an OOOptions object.

Create an OOEmbeddedSecureURLGenerator object and assign it
to the OOOptions.secureURLGenerator property. The
OOEmbeddedSecureURLGenerator object contains the API
Key and secret generated on the server.

Pass the OOOptions object to the
OOOoyalaPlayer object.

For example, the following code assigns the created
OOEmbeddedSecureURLGenerator object to the
OOOptions.secureURLGenerator
property:

Note: For production environments, the API Key and Secret must be generated on the server and
dynamically assigned to the fields contained in the
OOEmbeddedSecureURLGenerator object. They must not be stored in
your code as static values.